How do I keep my mac safe through public wifi?

Delighted

macrumors 6502
Original poster
Feb 25, 2012
253
1
I often study and do work in coffee shops where they offer free wifi. Are there any applications I can install on my mac to keep it safe from hackers?

I always see so many people's computer on the shared section of my computer, and I wish to keep myself from 'sharing' to anyone at all in the coffee shop. Thanks.
 

Sirolway

macrumors 6502
Jun 13, 2009
420
21
London
My understanding is that your traffic can easily be read by anyone who knows the WiFi password; in a internet cafe this means pretty much anyone. So you might not want to do your banking online, or anything else that involves sending passwords, online while using one of these hotspots.

SSL (i.e. when your browser turns to httpS) should be fairly secure, but otherwise I'd be wary. Google Calendar & Gmail seem to be over SSL, & anything like banking almost certainly will, but otherwise be careful.

For this reason I tend to tether to my iPhone or use a MiFi - so I'm on my own little secure network rather than sharing a pretty open one with everyone else ...
 

Ccrew

macrumors 68020
Feb 28, 2011
2,035
3
" How do I keep my mac safe through public wifi?"

In all honesty, you don't. You don't connect to anything less than WPA encrypted.

Even with all the suggestions others made, which are correct (except for simsaladimbaba - you can still be found with a network scan), do you realize by default your WiFi card is beaconing the SSID's of the last network you connected to and all in your preferred networks list?
 

negativzero

macrumors 6502a
Jul 19, 2011
564
50
If you are on an unsecured network, only way to secure it is to connect via VPN to a remote server for your Internet uses.
 

sjinsjca

macrumors 68020
Oct 30, 2008
2,072
398
Enable firewall.

Don't do anything sensitive in a browser window that doesn't have an https URL.

Check that your email provider uses SSL- or TLS-encrypted connections.


Your Mac will be fine in any case, so be more concerned about your transactions, privacy and personal information.
 

Mojo1

macrumors 65816
Jul 26, 2011
1,237
13
In all honesty, you don't. You don't connect to anything less than WPA encrypted.
That simply is not the case. There are personal VPN services available that will protect your data traffic when using WiFi and wired public networks. VPN cannot be hacked by hackers who "sniff" network traffic at coffeeshops and similar locations. The cost is very reasonable, around $5/month more or less. There are additional advantages to using VPN even when using your Mac at home or on a trusted network. You can use your VPN account to protect iOS and Android devices too.

I have used Witopia's personal VPN for over four years. Search these forums for previous posts that I have written about VPN and Witopia.
 

Medic278

macrumors 6502a
Feb 1, 2012
657
0
New York
I recommend that you protect yourself by using a firewall, disable file sharing and never do anything sensitive over a public network. Others have said this but its pretty common sense, don't do your banking via public wifi or utilize credit card info or other sensitive info to protect yourself from those out there to steal personal info, sadly they do exist.
 

tunerX

Suspended
Nov 5, 2009
393
825
I recommend that you protect yourself by using a firewall, disable file sharing and never do anything sensitive over a public network. Others have said this but its pretty common sense, don't do your banking via public wifi or utilize credit card info or other sensitive info to protect yourself from those out there to steal personal info, sadly they do exist.
If billing, commerce, and banking sites are not using encrypted connections to their services then you must have some pretty shady service providers. Pretty much any modern organization is going to use standard encryption for connections between their servers and your system.

Public network - disable sharing and enable firewall.

Home network - enable sharing and enable firewall.

If you are using VMWare with windows then ensure the windows guest has good host protection that does IPS/IDS, firewall, antivirus, and malware detection.

Paying a third party VPN service is not really necessary since they are the man-in-the-middle. You send them cipher text, they decrypt it and send out plain text. In most cases Cipher text directly to the service is what you want and most organizations utilize that. Doing sensitive things over a public network is never really a problem if the sensitive things are encrypted from service to user.
 

Medic278

macrumors 6502a
Feb 1, 2012
657
0
New York
If billing, commerce, and banking sites are not using encrypted connections to their services then you must have some pretty shady service providers. Pretty much any modern organization is going to use standard encryption for connections between their servers and your system
I am saying as a general rule of thumb, while I am sure they do, why would I want to risk my personal information on a public network use it I absolutely had no choice.
 

Mojo1

macrumors 65816
Jul 26, 2011
1,237
13
Of course banks and online retailers encrypt data transfers. But a lot of data is sent "in the clear." That is why a VPN is a good idea. A firewall does nothing to protect unencrypted online connections. LittleSnitch, Hands Off and similar utilities are great, but they don't encrypt your Internet connection.

VPN also shields your IP address, prevents your ISP from logging every website that you visit and can make it easier to get on the Internet when traveling in foreign countries. Proxies can do some of these things, but they can be slow, difficult to use and the security is often questionable. You get what you pay for...

The OP wants to be able to safely use public WiFi. VPN is the easy, cost-effective way to do it. Debate it all you like, but it's always been a No Brainer for me.
 

tunerX

Suspended
Nov 5, 2009
393
825
Of course banks and online retailers encrypt data transfers. But a lot of data is sent "in the clear." That is why a VPN is a good idea. A firewall does nothing to protect unencrypted online connections. LittleSnitch, Hands Off and similar utilities are great, but they don't encrypt your Internet connection.

VPN also shields your IP address, prevents your ISP from logging every website that you visit and can make it easier to get on the Internet when traveling in foreign countries. Proxies can do some of these things, but they can be slow, difficult to use and the security is often questionable. You get what you pay for...

The OP wants to be able to safely use public WiFi. VPN is the easy, cost-effective way to do it. Debate it all you like, but it's always been a No Brainer for me.
VPN does not shield your IP address in public WiFi. You actually have to send the VPN traffic sourced from the address that is given to you by the wifi gateway. VPN will actually only provide you privacy on a public. Security is still left to firewalls, IDS/IPS, anti malware, and antivirus. While you can be sending Internet bound traffic encrypted to a relay your system is still open to attack.

Any WiFi is free to sniff, I know your public trips to "embarrasingsite.com" can be embarrassing but who really cares if that data is sent plain text... Truly sensitive data, PII (Personally Identifiable Information) is what you want to protect and that stuff should only ever be sent over SSL/TLS or VPN to sites that you know. Anything else really only casual use.

Protect your PII, ensure your service providers use SSL/TLS, and enable security measures against system breach.

Hey, content nazi... how about a little contact before you change the context of the message. I fully intended "your" over "my" because my trips to embarrassingsite.com... are not really embarrassing to me.
 
Last edited:

Ccrew

macrumors 68020
Feb 28, 2011
2,035
3
That simply is not the case. There are personal VPN services available that will protect your data traffic when using WiFi and wired public networks. VPN cannot be hacked by hackers who "sniff" network traffic at coffeeshops and similar locations. The cost is very reasonable, around $5/month more or less. There are additional advantages to using VPN even when using your Mac at home or on a trusted network. You can use your VPN account to protect iOS and Android devices too.

I have used Witopia's personal VPN for over four years. Search these forums for previous posts that I have written about VPN and Witopia.
You still have to get on an unsecured network before you can instantiate a VPN tunnel. And you're on the network before it does. Pwned. But don't mind me, pen testing is only part of my job description, I don't really know this stuff.


:p
 
Last edited:

Mojo1

macrumors 65816
Jul 26, 2011
1,237
13
The two responses to my posts do more to bewilder readers of this thread than clear things up due to poor syntax, while confusing the different reasons for using VPNs vs. computer-based measures such as firewalls, anti-virus software, etc. VPNs do not replace firewalls/anti-virus software nor do firewalls/anti-virus software replace VPNs. Ideally people should take advantage of all these technologies because they do very different things.

The respondents are also apparently unaware that VPNs can be implemented in a number of ways, with varying degrees of security. Information on VPNs, the different protocols and possible security problems can be easily found via a Google search. IMO even the least secure properly-implemented VPN is much better than allowing unencrypted data transfers; the best VPNs are very secure.

Readers who are considering using a personal VPN service can query providers about specific concerns. Most VPN services are happy to provide detailed technical information; many provide technical information on their websites.

Rather than engage in a pointless debate, I am providing a link to information on how VPNs work and the kinds of protection that they provide users. Since it is written for laypeople, the information is easy to understand and doesn't take long to read. Readers of this thread who want more technical information can find that via Google.

https://help.riseup.net/en/riseup-vpn